This slide deck highlights the continued growth and evolution of Core Security Technologies and helps introduce an entirely new product for enterprise security testing and measurement: CORE INSIGHT Enterprise.
1. Core Security Technologies Corporate Overview - CONFIDENTIAL - Mark Hatton, President and CEO
5. Test the Layers and the Seams
[Diagram labels: Application Layer, Host / OS Layer, Network Layer; Email, Spreadsheet, Browser; App Scanners; Customer Data, Employee Records; Network Device C, Network Device B, Network Device A; SIEM, GRC; App Cfg Auditing, System Auditing, Config Reporting, Vuln Scanning; CISO, ITSec, Operations]
15. Controls Verification and Effectiveness
Legend: Controls: PCI 11.3, CAG
CAG #: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
Typical Products: nCircle IP360, Gideon SecureFusion Bit9, Nessus eEye Retina, Nessus, nCircle Red Seal, Skybox, Athena Security FirePac Red Seal, Secure Passage, FireMon ArcSight, Splunk, Intellitactics Cenzic Hailstorm, Nessus MS Active Directory, Intellitactics Forescout CounterAct nCircle, Qualys, McAfee Nessus, Rapid7, Skybox MS SMS, Security Blanket, Intellitactics Blink, MS SMS, Active Directory nCircle CCM, FireMon eEye Retina & Blink RSA DLP
Test & Measurement
Controls: SW Inventory and Whitelists; Secure Configurations; Secure Config of Network Devices; Maintain and Monitor Audit Logs; HW Inventory; Boundary Defense; Control Admin Privileges; Control Access; Vuln Assessment and Remediation; Application Software Security; Malware Defenses; Wireless Device Control; Data Loss Prevention; Secure Network Engineering; Network Ports and Protocols; Penetration Testing; Data Recovery; Account Monitor and Control; Skills Assessment/Training; Incident Response
CAG Test Future General Test Now Never CAG Test Now
Editor's Notes
Number of vulnerabilities is increasing
False positives are unmanageable
Additional points for the “environment” section:
Growing opportunities for cyber-criminals
Cybercriminals have low barriers to entry + low risk of getting caught
New attack tools and techniques are emerging & new vulnerabilities are constantly discovered
Increasing attack frequency and publicity
High-profile reports of multiple public- and private-sector security breaches and exposures
Widespread adoption of Enterprise 2.0 technologies including social media
New customized web applications and other technologies expand attack surfaces
User adoption and trust underscore importance of end-user security awareness testing